- both audio and video play in stutters or in slow motion, although not right away, both on the web and on the PC
- sudden shutdowns, but the temperatures are all perfectly normal and, moreover, the timing of the shutdowns does not point to rising temperatures as the cause
- general slowdowns even after defragmenting and removing every auto-start process that is not strictly necessary
- the GMER scan never completes; the PC freezes about halfway through the scan
- sometimes the network connection, although present, turns out to be disabled in the update processes of many programs (not always, but often)
- some processes such as explorer.exe and svchost.exe (with about ten entries present) together end up consuming a lot of resources (around 150MB or more); I looked at the dependencies with Process Explorer but noticed nothing abnormal
Thinking it might be a virus, I ran a scan with ComboFix (which, by what miracle I don't know, managed to finish this time, given that a month or so ago it wouldn't even let me start it) and here is the log
ComboFix 10-01-21.01 - Roberto 22/01/2010 13.28.34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.670 [GMT 1:00]
Run from: c:\documents and settings\Roberto\Desktop\fanculizzatore.exe
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((( Files Created From 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))))))
.
2010-01-21 23:45 . 2010-01-21 23:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-21 14:49 . 2010-01-21 14:50 -------- d-----w- c:\programmi\WinUtilities
2010-01-20 19:39 . 2010-01-21 23:39 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\TeraCopy
2010-01-20 19:39 . 2010-01-20 19:39 -------- d-----w- c:\programmi\TeraCopy
2010-01-20 19:17 . 2010-01-20 19:17 50354 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Facebook\uninstall.exe
2010-01-20 19:17 . 2010-01-20 19:17 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Facebook
2010-01-14 13:11 . 2010-01-14 13:11 -------- d-----w- c:\programmi\Glary Utilities
2010-01-13 19:33 . 2010-01-13 19:33 -------- d-----w- c:\programmi\AnVir Task Manager
2010-01-13 19:32 . 2010-01-13 19:45 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\AnVir
2010-01-13 12:48 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 13:36 . 2010-01-08 13:36 83 ----a-w- c:\windows\system32\gpupdate.bin
2010-01-08 13:35 . 2010-01-08 13:35 -------- d-----w- c:\programmi\SoundTaxi Media Suite
2010-01-08 13:35 . 2010-01-08 13:36 -------- d-----w- c:\programmi\RadioGet
2010-01-08 12:33 . 2010-01-06 11:08 4726272 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-08 12:33 . 2010-01-06 11:08 103424 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-08 12:33 . 2010-01-06 11:08 545280 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-08 12:33 . 2010-01-06 11:08 4725760 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-08 12:33 . 2010-01-06 11:08 57856 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-08 12:33 . 2010-01-06 11:08 153600 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-08 12:33 . 2010-01-06 11:08 344064 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-07 17:24 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-07 17:13 . 2010-01-17 14:03 -------- d-----w- c:\programmi\MyDefrag v4.2.7
2010-01-06 13:07 . 2009-12-17 23:08 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-05 20:03 . 2001-12-28 19:59 151552 ----a-w- c:\windows\system32\setuplib.dll
2010-01-05 20:03 . 2001-11-23 11:43 6071 ----a-w- c:\windows\system32\InstFunc.dll
2010-01-05 20:03 . 2001-07-23 08:42 86275 ----a-w- c:\windows\system32\waitwnd.exe
2010-01-05 20:03 . 2001-08-06 19:43 308227 ----a-w- c:\windows\IsUn0410.exe
2010-01-05 20:03 . 2010-01-05 20:03 -------- d-----w- c:\documents and settings\Roberto\WINDOWS
2010-01-05 19:56 . 2009-04-02 15:43 520 ----a-w- c:\windows\system32\drivers\SamSfPa.dat
2010-01-05 19:56 . 2008-10-23 16:42 290816 ----a-w- c:\windows\vncutil.exe
2010-01-05 19:56 . 2009-04-20 14:13 36864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-01-05 19:56 . 2009-03-17 13:07 122880 ----a-w- c:\windows\RtkAudioService.exe
2010-01-05 19:56 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-01-05 19:56 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-01-05 19:56 . 2010-01-05 19:56 -------- d-----w- c:\programmi\Realtek
2010-01-05 19:56 . 2010-01-05 19:56 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-05 19:55 . 2009-04-16 16:23 540672 ----a-w- c:\windows\RtlExUpd.dll
2010-01-05 19:37 . 2010-01-05 19:37 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\DeviceDoctorSoftware
2010-01-05 19:37 . 2010-01-05 19:37 -------- d-----w- c:\programmi\Device Doctor
2009-12-27 00:16 . 2009-12-27 00:16 6064 ----a-w- c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 00:17 . 2009-11-18 00:29 753936 ----a-w- c:\windows\cscmondump.bin
2010-01-22 00:05 . 2009-10-03 11:56 -------- d-----w- c:\programmi\Unlocker
2010-01-21 23:18 . 2009-10-02 16:46 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\uTorrent
2010-01-21 22:45 . 2009-11-02 17:44 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2010-01-21 15:30 . 2009-10-03 12:20 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-21 14:47 . 2009-11-17 23:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-20 18:27 . 2009-11-16 07:40 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Ketarin
2010-01-16 14:42 . 2009-10-31 13:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-01-16 14:41 . 2009-10-04 21:56 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-11 17:17 . 2009-10-24 14:00 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-09 15:02 . 2009-10-02 16:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-09 15:01 . 2009-12-19 15:57 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 17:25 . 2009-10-20 14:54 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-01-07 17:11 . 2009-10-02 16:44 -------- d-----w- c:\programmi\Notepad++
2010-01-07 15:07 . 2009-10-02 16:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-02 16:39 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 13:08 . 2009-11-14 15:08 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-01-05 19:55 . 2009-10-01 19:29 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-05 19:36 . 2004-08-19 12:00 81240 ----a-w- c:\windows\system32\perfc010.dat
2010-01-05 19:36 . 2004-08-19 12:00 482458 ----a-w- c:\windows\system32\perfh010.dat
2010-01-05 19:27 . 2009-10-02 16:46 -------- d-----w- c:\programmi\uTorrent
2010-01-01 23:11 . 2009-12-13 15:46 -------- d-----w- c:\programmi\Crayon Physics Deluxe
2009-12-27 13:18 . 2009-10-02 14:05 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-12-27 13:18 . 2009-10-02 14:05 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-12-27 13:17 . 2009-10-02 14:05 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-12-22 23:36 . 2009-11-17 23:36 138828 ----a-w- c:\windows\cscmon.bin
2009-12-18 21:31 . 2009-12-14 17:54 -------- d-----w- c:\programmi\Avidemux 2.5
2009-12-17 23:14 . 2009-11-14 15:09 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 06:50 . 2009-12-17 06:50 847040 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Facebook\axfbootloader.dll
2009-12-17 06:49 . 2009-12-17 06:49 5562368 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Facebook\npfbplugin_1_0_0.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 17:55 . 2009-12-14 17:55 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\avidemux
2009-12-13 17:32 . 2009-12-13 17:32 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Icevc
2009-12-13 17:32 . 2009-12-13 17:32 -------- d-----w- c:\programmi\Icevc
2009-12-13 16:45 . 2009-12-13 15:47 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Crayon Physics Deluxe
2009-12-12 14:15 . 2009-10-20 14:54 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-12 14:12 . 2009-12-12 14:11 -------- d-----w- c:\programmi\HD Tune Pro
2009-12-12 12:33 . 2009-12-12 12:33 3584 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-12-12 12:33 . 2009-12-12 12:33 -------- d-----w- c:\programmi\Windows Installer Clean Up
2009-12-12 12:32 . 2009-12-12 12:32 -------- d-----w- c:\programmi\MSECACHE
2009-12-10 19:16 . 2009-12-10 19:16 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Thunderbird
2009-12-09 19:36 . 2009-12-09 19:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2009-12-09 19:30 . 2009-12-09 19:30 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Returnil
2009-12-08 14:11 . 2009-12-08 14:11 -------- d-----w- c:\programmi\Sandboxie
2009-12-08 14:09 . 2009-12-08 14:08 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\FILEminimizerPictures
2009-12-08 14:08 . 2009-12-08 14:08 -------- d-----w- c:\programmi\FILEminimizer Pictures
2009-12-08 13:34 . 2009-11-17 23:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 18:38 . 2009-10-02 16:59 1 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 13:56 . 2009-12-06 13:56 -------- d-----w- c:\programmi\NKProds
2009-12-02 17:31 . 2009-12-02 17:31 -------- d-----w- c:\programmi\PowerISO
2009-12-01 16:37 . 2009-12-01 16:32 -------- d-----w- c:\programmi\jv16 PowerTools 2009
2009-12-01 16:32 . 2009-12-01 16:32 23 --sha-w- c:\windows\system32\edacded0.dat
2009-11-30 14:04 . 2009-11-30 14:04 -------- d-----w- c:\programmi\SpeedFan
2009-11-29 20:57 . 2009-11-29 20:54 -------- d-----w- c:\programmi\ATI
2009-11-29 20:44 . 2009-10-03 18:41 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Inkscape
2009-11-29 20:43 . 2009-11-29 20:27 -------- d-----w- c:\programmi\Inkscape
2009-11-25 23:58 . 2009-11-25 23:58 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\dvdcss
2009-11-25 21:59 . 2009-11-11 20:01 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\IObit
2009-11-25 21:59 . 2009-11-11 20:01 -------- d-----w- c:\programmi\IObit
2009-11-23 19:40 . 2009-11-23 19:40 -------- d-----w- c:\programmi\Opera
2009-11-22 11:43 . 2004-08-19 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 16:52 . 2009-11-19 16:52 25214 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{1B54FF9E-5FDD-11DE-8B01-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7.exe
2009-11-19 16:52 . 2009-11-19 16:52 25214 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{1B54FF9E-5FDD-11DE-8B01-005056C00008}\RunProductName_985F828E0E98429F9C05EF3BDE7568F7.exe
2009-11-19 16:52 . 2009-11-19 16:52 10134 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{1B54FF9E-5FDD-11DE-8B01-005056C00008}\ARPPRODUCTICON.exe
2009-11-16 12:42 . 2009-11-16 12:42 4248840 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-11-16 12:41 . 2009-11-16 12:41 248584 ----a-w- c:\windows\system32\prgiso.dll
2009-11-14 14:02 . 2009-11-09 14:58 45 ----a-w- c:\windows\system32\_WDYSZYG.sys
2009-11-09 03:21 . 2009-11-09 03:21 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-11-07 19:53 . 2009-11-07 19:53 673280 ----a-w- c:\windows\is-Q8I59.exe
2009-11-07 12:13 . 2009-10-03 12:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-07 12:12 . 2009-11-07 12:12 152576 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-05 15:38 . 2009-11-20 18:46 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-10-29 07:40 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 14:46 . 2009-11-17 23:35 132424 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2009-10-27 08:53 . 2009-10-27 08:53 8192 ----a-w- c:\windows\system32\CSC.exe
.
------- Sigcheck -------
[7] 2009-08-04 . B591BF7D603926A0465B42E93F6AA44D . 2192896 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2005-03-02 . C120A33C71E706545CF26D6276BC0344 . 2183296 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 7DF79C43603FBDB4399841FD7FC4C50A . 2069760 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2005-03-02 . DE16030E8209FD96EEB06D9E3D8C84A8 . 2060672 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-17 17880576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-27 923336]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2009-12-27 13:19 6722760 ----a-w- c:\programmi\Tall Emu\Online Armor\oaui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 12:51 2335880 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnVir Task Manager]
2009-12-28 20:37 3313888 ----a-w- c:\programmi\AnVir Task Manager\AnVir.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-02 12:34 133104 ----atw- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2009-08-20 06:38 1075888 ----a-w- c:\programmi\My Lockbox\mylbx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 17:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-07 12:13 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-22 15:37 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe"
"RegistryMechanic"=c:\programmi\Registry Mechanic\RegMech.exe /H
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe"
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Collegamento alla pagina delle proprietà di High Definition Audio"=HDAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [18/11/2009 0.35.45 132424]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [02/10/2009 17.48.11 43792]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [02/10/2009 15.05.07 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [02/10/2009 15.05.07 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [02/10/2009 15.05.07 29776]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [02/10/2009 17.48.12 73392]
R2 OAcat;Online Armor Helper Service;c:\programmi\Tall Emu\Online Armor\oacat.exe [02/10/2009 15.05.06 1282248]
R2 SvcOnlineArmor;Online Armor;c:\programmi\Tall Emu\Online Armor\oasrv.exe [02/10/2009 15.05.06 3431112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/01/2010 20.56.06 1684736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [20/11/2009 19.46.38 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [20/11/2009 19.46.39 8456]
S3 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [22/10/2009 16.37.59 133104]
S3 RGService;RGService;c:\programmi\RadioGet\RGService.exe [08/01/2010 14.35.10 335872]
S3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [01/12/2009 14.55.10 119296]
S3 STSService;STSService;c:\programmi\SoundTaxi Media Suite\STSService.exe [29/09/2009 11.41.04 335872]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18/12/2009 0.12.10 1044808]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-22 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-01-14 11:09]
2010-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-02 15:37]
2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-22 15:37]
2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-22 15:37]
2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-682003330-911625447-1004Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-02 12:34]
2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-682003330-911625447-1004UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-10-02 12:34]
2010-01-10 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-29 12:48]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\zofgkiy1.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\programmi\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\programmi\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-avgnt - c:\programmi\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-F - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 13:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\My Lockbox
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\programmi\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Finish: 2010-01-22 13:41:48
ComboFix-quarantined-files.txt 2010-01-22 12:41
Pre-Run: 94.346.657.792 bytes free
Post-Run: 94.369.054.720 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3F5BC3432C97000957755C7D0FC31BE5
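The Sigcheck section of the log above lists several copies of ntoskrnl.exe and ntkrnlpa.exe with their MD5s. The first check a responder runs on such a section is whether the live kernel in system32 is byte-identical to the two repair copies Windows File Protection keeps (system32\dllcache and ServicePackFiles\i386); in this log all three agree for both kernels. The Python script below is an added example, not part of the original post and not ComboFix's own code: it parses lines in this Sigcheck format and reports any mismatch. The sample input is constructed from the log's own lines, except that the MD5 of the system32 copy of ntkrnlpa.exe has been replaced with a made-up value (an assumption, for illustration) so that the check has something to flag. The hotfix ($hf_mig$) and Driver Cache copies carry the same version number but different sizes in the log, so they are different files and are deliberately left out of the comparison.

```python
import re
from collections import defaultdict

# Constructed sample input. The lines are copied from the Sigcheck section of
# the ComboFix log above, except that the system32 copy of ntkrnlpa.exe has
# been given a made-up MD5 (assumption, for illustration) to produce a mismatch.
SAMPLE_SIGCHECK = r"""
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . C41D026393C36632F704567966F31C2B . 2310144 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-08-04 . 0123456789ABCDEF0123456789ABCDEF . 2188800 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . 996066D6DC908136C3A54236F4D3BDD1 . 2188800 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
# The flag ([7], [-]) is ComboFix's own signature marker; it is kept but not interpreted.
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def classify(path):
    """Return which copy of the file this is: the live one in system32 or one of
    the two Windows File Protection repair copies. Anything else is not comparable."""
    if re.search(r"\\system32\\dllcache\\[^\\]+$", path):
        return "dllcache"
    if re.search(r"\\servicepackfiles\\i386\\[^\\]+$", path):
        return "servicepackfiles"
    if re.search(r"\\system32\\[^\\]+$", path):
        return "live"
    return None  # $hf_mig$, Driver Cache, third-party backups: different files


def check_repair_copies(entries):
    """For each file that has a live copy in system32, compare its MD5 with the
    dllcache and ServicePackFiles copies, which should be byte-identical."""
    by_name = defaultdict(dict)
    for e in entries:
        role = classify(e["path"])
        if role:
            by_name[e["path"].rsplit("\\", 1)[-1]][role] = e
    report = {}
    for name, copies in by_name.items():
        if "live" not in copies:
            continue
        live = copies["live"]
        refs = {r: c["md5"] for r, c in copies.items() if r != "live"}
        mismatched = sorted(r for r, h in refs.items() if h != live["md5"])
        report[name] = {
            "live_md5": live["md5"],
            "version": live["version"],
            "reference_md5": refs,
            "mismatched": mismatched,
            # Only "consistent" when at least one repair copy exists and all agree.
            "consistent": bool(refs) and not mismatched,
        }
    return report


if __name__ == "__main__":
    for name, r in check_repair_copies(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        status = "OK" if r["consistent"] else "MISMATCH vs " + ", ".join(r["mismatched"])
        print(f"{name:14s} {r['version']:16s} {r['live_md5']} {status}")
```

A match only says that the repair copies agree with the live file, not that the kernel is clean: an attacker with write access to system32 can replace all three. A mismatch, on the other hand, is worth chasing, since WFP is supposed to keep these copies in sync.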
![Grazie [grazie]](http://www.megalab.it/forum/images/smilies/Grazie.gif)
![Smile [std]](http://www.megalab.it/forum/images/smilies/happy.gif)